Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

bulled writes to tell us about coverage on CNet regarding a ruling a couple of weeks back that allows a spamming company to procede with their suit against a spamfighter. The 4th Circuit court ruled that the U.S. CAN-SPAM Act, much derided here, trumps the Oklahoma law under which anti-spam activist Mark Mumma sued Omega World Travel for spamming him. The ruling allows Omega World Travel's countersuit, for defamation, to go forward. From the article: "'There's been a lot of activity in the states to pass laws purportedly to protect their citizens' from spam, said Eric Goldman, a law professor at Santa Clara University. 'The 4th Circuit may have laid waste to all of those efforts.'"

This ruling could prove to be a setback for other antispam activists for one major reason: It suggests that, thanks to the Can-Spam Act, state laws prohibiting fraudulent or deceptive communications won't be all that useful against junk e-mail.

Basically, as far as i understand it, states will have a much harder time of protecting their citizens from spam.

What's unfortunate in this case is that the activist has said that he's not going to appeal the decision due to lack of funds.

Currently there is a conflict between various state and Circuit courts as to whether the CAN-SPAM act overrides stricter State laws regulating unsolicited email. The only thing that's going to resolve the issue is a ruling from the USSC, barring further legislation to clarify the issue. If this guy were to push on, he could conceivably bring it before the Supreme Court and get a real decision; more importantly, he'd probably concentrate enough media attention on it so that even if the decision were to go in favor of the spammers, it might make a tougher anti-spam law a campaign issue in the national arena. Right now, the spammers win if people don't make noise.

Perhaps some computer users organization should start a "Fight the Spamers" fund drive to pay for his legal bills, if he is interested in such an offer to help continue the fight. There are enough people out there who are fed up with spam that a "Fight the Spamers" legal aid fund might be feasible. I would be willing to contribute if it is clear that a well know responsible organization is supervising the collecting of funds.

In important legal fights like this, I would hope that there might be some organ

ie. You cannot enumerate (interpret and expand) the interstate commerce clause in the powers of Congress as a free and open door to regulate anything and everything under the sun

Umm, yes you can. Recently the DEA argued in California that they can regulate drugs produced and consumed by a single individual in a state where it is legal to do so for medical reasons under state law. This was based on the premise that the person NOT purchasing marijuana grown out of state affects the interstate market.

I agree with you, but given that Superman is out of town and Batman is indisposed, who are we going to call to scrub the stain of the past 80-odd years from our government and give back our country?It's a pretty short list of organizations and people who could do it; and I'm not sure I like the possible candidates for the job and more than I like the current bunch of crooks.

If you look at the decline of local control -- which is in my opinion, the only way that's ever showed any success at keeping governmen

But how can a state protect you from spam when the problem is really global where the state and US laws don't always apply? Even if all the states came up with some extremely strict spam laws it would just push spammers to other countries and they would still end up using spam bots from around the world. As long as there is email there will be spam. All we can do is deploy the best spam fighting techniques we can around our mail servers to reduce it.

But how can a state protect you from spam when the problem is really global where the state and US laws don't always apply?

The real key is to follow the money. For spam recipients in the US, most of the pitches are for goods/services that US consumers will hopefully by talked into buying. If the businesses that will transact the money are in the US, or have ties to people in the US, that's something to go for. If the pitches are for outright fraud (say, phishing, or the sale of bogus meds), then you've got a good case to take to law enforcement in whatever country is harboring the scammers. Sure, that isn't always helpful... but recall the recent article discussing how some companies (like Microsoft) are helping to fund the local PDs as they pass that research and evidence along to those other countries. It can't hurt.

But do you really think they can be tracked down that easily? For an example... some of the spam is just stock pumping scams. There is no direct contact mentioned in the emails and trying to track them down when they are relayed through multiple spam bots will probably prove not very useful escpecially if some of the end points end up in countries that could care less about US laws.
Even if we could locate and prosecute half of them(Which I don't think will ever happen) more will just pop up as others di

I am not saying we shouldn't try to keep US companies from spamming but to think that spam will be greatly reduced because a mojority of the US has strict laws against it I think is just wishful thinking.

You know what? I'd have better luck and less stress if I was ONLY trying to filter the stock pumping spam. If the people selling fake V1@gra, fake Rolexes, and fake everything else - all of the stuff that requires you to visit a web site and present payment - were taken down, it would hugely reduce the noise level. But more importantly, it's a matter of principle. Some fights are worth it, just because it sets a more civilized tone to overtly care about it and act with justice in mind that to just put up with it and decide that it will always be part of your life.

I agree that there needs to be a protocol change or two. But there is a LOT of inertia behind good old SMTP. And I'd rather null-route every packet from Romania, and lose the occasional piece of legit mail, than give in and say that some spamming asshat who happens to live there can litter me and all of my users with his trash. *blood pressure up*

Even if all the states came up with some extremely strict spam laws it would just push spammers to other countries...

So if all the spammers move to Indonesia, that fact can at least be used as another factor to improve spam filtering. I don't receive a lot of legitimate e-mail from Indonesia. And hey, if Indonesia has a problem with having their country's e-mail filtered strictly by the rest of the world, then they can can crack down on spammers themselves.

So if all the spammers move to Indonesia, that fact can at least be used as another factor to improve spam filtering. I don't receive a lot of legitimate e-mail from Indonesia.

Unfortunately, even if every spammer moves to Indonesia, they're not relocating their rented botnets to Indonesia. Sorry, no magic bullet there; the spams will continue to originate from a random worldwide assortment of pwn'd business servers in Europe, bulletproof hosters in China, and clueless lusers' trojanized home PCs on US bro

This is an American law served in America and only involving Americans. Sure you can't expect to police the world but we were told we had a law to protect us and now it's failed.I usually hate to abdicate vigilantism but it looks like the law was written to protect criminals and I can see why when I look at the number of lawmakers on their way to prison. Maybe its time for real justice? Good advise might just be that if you find a spammer save yourself the trouble and just sneak up on them and blow them awa

The only solution is a free-market solution. Better filtering, blacklisting, etc etc. The free market will sovle the problem eventually because unless we turn the ENTIRE WORLD into a police state, there is really no way to stamp it out.

If he sued a company under an existing law, and a court later found that a federal law outweighed the state law, how can the person suing possibly be held responsible? How can it be considered his responsibility to know the judgement of the circuit court before he even filed the case in the first place?

The well-named federal CAN SPAM law explicitly preempts state and local laws to allow spamming, so the Oklahoma law was already superceded. By providing a way to reach them and a working opt-out link, Omega met the low bar set by CAN-SPAM. The fact that you would have to be crazy to click on an opt-out link in a spam email didn't matter to Congress, and matters even less to a judge interpreting Congress' intent.

The point is: complain to Congress about the bad law, not the judiciary who have to play the hand that they're dealt.

Sounds to me like a lame law being faithfully upheld by the judiciary...to the deteriment of the people.

Which is exactly what the judiciary is supposed to do. People who use the term 'activist judges' to deride judicial opinions they don't like obviously have no understanding of the US legal system. It's not up to the juduciary to decide whther or not a law is 'lame'. Their job is to interpet laws. In some instances they can strike down all or part of a law for running counter to a superior law (the Constit

The well-named federal CAN SPAM law explicitly preempts state and local laws to allow spamming, so the Oklahoma law was already superceded.

Read the article more carefully. CAN SPAM explicitly allows for state laws dealing with "falsity or deception in any portion of a commercial electronic mail message." But this judge decided that a falsified header and return address were "immaterial errors" and that a strict reading of that portion of CAN SPAM was "not compatible with the structure of the Can-Spam Act as a whole." In other words, strained rationalization of the result the judge wished to reach.

I did read the article. Although cruise.com was in the From line and was not the actual source of the message, the cruise.com domain does in fact belong to Omega Travel, so where is the falsity or deception?

Read the judgement- there's almost no question in my mind- this case was extremely clear cut. On page six, quoted is the Can-SPAM act in which

This chapter supersedes any statute, regulation, or rule of a state or political subdivision of a state that expressly regulates the use of electronic male to send commerical messages...

is quoted. That strikes down the application of Oklahoma's law, which the judge ruled

...is not limited to inaccuracies in transmission information that were material, lead to detrimental reliance by the recipient, and were made by a sender who intented that the misstatements be acted upon and either knew them to be inaccurate or was reckless about their truth.

And then, the judge ruled that it didn't violate the CAN-SPAM act (The apellant, mummagraphics argued that the senders of the e-mails mislead mummagraphics as to the origin of the message, when the judge pointed out that it was a marketing e-mail- hence, it had all sorts of links and phone numbers and stuff to contact the people who had sent it.)

With all that established, the appellants had no case.

There's nothing fundamentally wrong with this, unless you have a problem with the doctrine of preemption- and if you do, that's a much, much larger issue than just spam e-mail.

Amendment X - Powers of the States and People. Ratified 12/15/1791. Note

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

Now, I'm no expert on the US constitution from my position as an outside observer, but I wasn't aware that Federal law could trump State law in this regard. Does the consititution explicitly allow the government to pass laws protecting spammers?

That strikes down the application of Oklahoma's law, which the judge ruled...is not limited to inaccuracies in transmission information that were material, lead to detrimental reliance by the recipient, and were made by a sender who intented that the misstatements be acted upon and either knew them to be inaccurate or was reckless about their truth.

And then, the judge ruled that it didn't violate the CAN-SPAM act (The apellant, mummagraphics argued that the senders of the e-mails mislead mummagraphic

This chapter supersedes any statute, regulation, or rule of a
State or political subdivision of a State that expressly regulates
the use of electronic mail to send commercial messages,
except to the extent that any such statute, regulation,
or rule prohibits falsity or deception in any portion of a
commercial electronic mail message or information attached
thereto.

The judge then took a narrow view of that language. His reading of the CAN-SPAM act is that "falsity or deception" above must rise to the level of a tort, and that the false information must constitute a "material deception". He then looks at the language of the CAN-SPAM act's criminal provisions, which prohibit the initiation of a "transmission to a protected computer of a
commercial electronic mail message if such person has actual knowledge,
or knowledge fairly implied on the basis of objective circumstances,
that a subject heading of the message would be likely to
mislead a recipient, acting reasonably under the circumstances, about
a material fact regarding the contents or subject matter of the message". Applying that language to divine the intent of Congress, the judge then rules that deceptive material in a spam e-mail must be believed by the recipient, and about a material fact, to be actionable.

Now, given the facts in this case, that's not totally unreasonable. The e-mails bore a return address of "cruisedeals@cruise.com", which was non-functional. But the messages were, in fact, advertising "cruise.com" and were in fact initiated by the operators of "cruise.com". So this is not an anonymous spammer.

This is key. The CAN-SPAM act protects spammers who properly identify themselves. (Those are today routinely caught by spam filters.) That was the clear intent of Congress, based on lobbying by the Direct Marketing Association. There was no willful obfusication by the sender here; it was clear that "cruise.com" was behind all this.

This decision doesn't provide any relief for anonymous spammers and scammers.

It would seem to me that this falls absolutely under the Interstate Commerce Clause, and that that provision is totally redundant- because this matter is solely of federal jurisdiction anyway. It was only placed there, I figure, to do exactly what it did here- stop the state governments from screwing with something that is definately of federal jurisdiction.

Moreover, you're being totally illogical. This is obviously interstate commerce, as the judge points out specifically. The reason this legislation was enacted in the first place was because of the difficulty of relegating this interstate commerce-related behavior.

Page 11, section C of the judgement, states...

"Congress' power to regulate interstate commerce implicity prohibits states from passing any law t

Let me guess, you're a anarcho-capitalist who believes that a world without government will be magical and sparkling and Ayan Rand would have been elected in 1952 and visted the lunar colony before flying around the world on her fusion-powered dirgible the next year, right? (the Probability Broach, in case you were wondering- apparently a seminal work in libertarian fiction.)The fact is, there's no real evidence the court is corrupt. I think that's quite a significant jump, and you'll need to provide me wit

I wonder if Judge James Harvie Wilkinson III would be interested in letting me deposit sixty millions of American dollars into his bank accout for my deceased Nigerian prince brother while increasing the size of his manhood and curing any desease.

J. Harvie Wilkinson III wrote this opinion in the 4th circuit. He's Reaganite authoritarian on the most "conservative" appellate bench in the country. You might remember him as the brave patriot who upheld the right of the executive branch of the US Government to indefinitely detain any US Citizen with no access to counsel, court, or any legal process to challenge that detention.

Basically, the 4th circuit is an incredibly hostile place for "the little guy" when challenging a big business.

I take it, then, that you disagree with the court's interpretation of federal law?

Yes. CAN-SPAM explicitly permits individual states to "prohibit falsity or deception." In my initial reading, this court conjures up a "materiality" requirement where none exists in statute, effectively saying that forged headers aren't examples of "material" falsity or deception because there's no detrimental reliance on same. The court totally ignores the fact that this type of deception is designed to bypass filtering (upon

Ironically enough, when I read the article, and advertisement for www.cruise.com, the spammer in question, appeared at the bottom of the page. I wonder how many people will read this article and then feel inspired to shop for a cruise from them?

Because they haven't committed any capital offenses.
"In most places that practise capital punishment today, the death penalty is reserved as a punishment for premeditated murder, espionage, treason, or as part of military justice."http://en.wikipedia.org/wiki/Capital_punishment [wikipedia.org]

It's a sticky area of the law. The statement "Bush is an idiot" will always be protected opinion. The statement "In my opinion, Mr. Smith is a nasty pedophile" will never be protected as opinion (though it may be OK for other reasons).
Simply adding the phrase "in my opinion" to a statement that is essentially a fact, offers no protection. Courts look at a number of factors to see if a statement is opinion or fact, including context, whether the statement is capable of a provable or unprovable meaning (

Every time you send mail to someone you've never sent mail to before, that's unsolicited email.

Unsolicited broadcast email. Broadcast means it's bulk. More than that, broadcast means it's indiscriminate - real email from your bank telling you about a new branch isn't spam, they're your bank, they have a relationship with you... but the same message from a competing bank, sent to the same mix of people who are largely NOT their cus

Unofficially, it depends on who is using the word, but genereally is't some kind of unwanted e-mail.

Unofficially, there's a technical term, that has the meaning I used. There's also casual usage and slang. The casual meaning of "stuff I don't want" (and not necessarily email.. spam started in Usenet) is not useful in this discussion, any more than the slang meaning of "bitch" would be useful at a dog show.

.....I have come to the decision to NEVER do business with your company, nor any of its subsidiaries. Your decision to utilize a means of advertising at the expense of consumers highlights the general business attitude your company has taken. Further emails to me will only reinforce this opinion, and quite possibly trigger a public effort, on my part, to make known to as many consumers as possible, via the internet, and any other means available to me, that your company is taking part in illegal activities (email advertising) at the expense of the very customers you are trying to do business with."

I send this to as many spam adverts as I can. I simply cut and paste the exact same reply. And NOT to the address contained in the advert. I look up the SALES dept. address and send it to THEM. In EVERY instance I have done this, the mails stopped.

For some reason my business email which I rarely use started getting carpet bombed with spam a few weeks ago. I get up to fifty emails a day in the bulk folder and some in the main folder. I'd ignore the bulk folder but since it's primarily for business half the needed emails ends up in the bulk folder and I have accidentally deleted good emails. The odd thing is I have a personal email with the same service that gets maybe half a dozen a day. I rarely give out my business one but they got the address off s

Especially when those federal laws explicitly state that they preempt state law. Noting the opinions here, it seems the old saying rings true, "an activist judge is any judge whose rulings you disagree with".

Yes I expect a spammer to care.They are running a business in a competitive environment. The reason they were spamming is they were trying to increase business. Many businessmen do not see spamming as being significantly different than advertising. Remember commercials have been shoved down the throats of the TV watching public for decades. So why should folks think a computer is all that much different than a TV? Ie... if they can get away with it they will.

I used to, back in the '90s. I used to contact the businesses referenced in the very few spams that I got that seemed to be for real non-scam products. At first, I got pretty good responses, but after a while it seemed that the remaining businesses that were still spamming knew exactly what they were were doing and what it cost in terms of lost sales, and just counted that as part of the cost of doing business.

I was getting a bunch of these for a few days. The text was just some random "story" that started mid sentence. I just kept having gmail send them to the spam folder. I guess it has learned now because I don't get them in my in-box anymore.

It is possible that it is some spammer who is lacking actual products to spam you with at the moment so they are trying to screw with as many bayesian filters as they can. Remember, most of these kinds of filters (any learning filter will use some implementation of this...thunderbird...gmail) base the legitimacy of the email on its content. This is why you will often see paragraphs of random text at the end of spams, the filter sees things like viagra, buy, sell, get rich, and the types of formatting usua

I've been seeing untold thousands of "XXXXX wrote:" through and blocked, both. They are all coming from desktop-looking IP addresses, so it's a bot army, methinks. Today, they were from Greece, the UK, some from the US, but the largest number were from Asia. Yes, started about a week ago. That, and a flood of messages with a reply-to that always starts with "debora[h]" and a domain name that looks scraped from industrial manufacturing lists somewhere. In other words, just another day in spamland. At least i

anti spam "activist"? wow, some people have really fucked up priorities. who cares?

You could say the same thing about people who breed cats, clean up highway trash, attend scifi conventions, babble on slashdot, attend soccer matches, or obsess about their particular pet Linux distro. At least this guy's passion happens to involve punishing people who cost the economy billions of dollars in lost productivity, bandwidth, and resources.

The people who care are the mail system administrators. Last week my company got 7000 email messages, of which 5500 were rejected at the first level mail handler and about half the remainder were still spam. I have to let that much through to prevent false positives.

This doesn't include the dictionary attacks (15000 last week) or hacking attempts (54).

before we get into a pissing contest about what company does what... i work for a major metro hospital. we are currently deleting about 65000 messages every 12 hours. this is stuff we consider obviously spam through a quite sophisticated algorithm. 65000 represents 86% of our email. now, ask me again why this matters.

First off, points to you for having to deal with that kind of crap...my fellow IT folks are indeed in the trenches.Now, that being said, you should be ELATED that you have to catch spam. You should be ready to squeeze off a load every time. Why?

Because for every spam email you are able to succesfully block and/or identify, it makes you look that much better! Think of it...some PEBKAC-stricken manager comes up to you one day:

"Hey Bob, how goes the IT stuff?""Eh, kind of frustrating...all this spam...we ar

Not to mention the money spent on additional mail servers and hard drive space to handle the load of all the incoming spam.

I used to work at a rather small ISP (~50K users) that had two iPlanet servers to store and deliver customer e-mail and five FreeBSD/sendmail servers to filter and process incoming e-mail. When the spammers would kick off a campaign, they would essentially DoS our sendmail farm. The load averages on those servers would shoot to 20+ (anything over 1 meant the servers were working ha